Potentially malicious applications and files (also known as “malware”) on a client device are often evaluated against a ruleset to define which applications and files are malicious. Over time, the rulesets used to evaluate the potential malware grows and, hence, evaluating each rule takes an increasing amount of computational resources on the client devices. In addition, the number of potentially malicious applications and files that are evaluated by the ruleset increases causing total evaluation times to increase. Traditionally, optimizing the ruleset such that it minimizes computational costs on a client device is a complex and prolonged procedure. Further, minimizing the malware collection process such that it increases time efficiency is a complex problem that can reduce detection and verification quality.